Fix tests with new keystoneclient

A number of changes with keystoneclient breaks our tests. First, a kwarg changed for cache.set(). It should be 'time' now, not 'timeout'. Also: keystone middleware now looks for an 'expires' in the token. Sample conf needed regenerated, also, due to changes. Change-Id: I33c4f1bae5a3c89b47fd21f8db1b4a4d536ed369 Closes-bug: 1324655
2014-05-29 11:42:57 -07:00 · 2014-05-29 11:42:57 -07:00 · 6901cbfd71
commit 6901cbfd71
parent c4b236b086
2 changed files with 30 additions and 8 deletions
--- a/etc/ironic/ironic.conf.sample
+++ b/etc/ironic/ironic.conf.sample
@ -728,7 +728,7 @@
 #auth_uri=<None>

 # Complete admin Identity API endpoint. This should specify
-# the unversioned root endpoint eg. https://localhost:35357/
+# the unversioned root endpoint e.g. https://localhost:35357/
 # (string value)
 #identity_uri=<None>

@ -749,9 +749,12 @@
 # with Identity API Server. (integer value)
 #http_request_max_retries=3

-# Single shared secret with the Keystone configuration used
-# for bootstrapping a Keystone installation, or otherwise
-# bypassing the normal authentication process. (string value)
+# This option is deprecated and may be removed in a future
+# release. Single shared secret with the Keystone
+# configuration used for bootstrapping a Keystone
+# installation, or otherwise bypassing the normal
+# authentication process. This option should not be used, use
+# `admin_user` and `admin_password` instead. (string value)
 #admin_token=<None>

 # Keystone account username (string value)
@ -803,7 +806,7 @@
 # number of revocation events combined with a low cache
 # duration may significantly reduce performance. (integer
 # value)
-#revocation_cache_time=300
+#revocation_cache_time=10

 # (optional) if defined, indicate whether token data should be
 # authenticated or authenticated and encrypted. Acceptable
@ -836,6 +839,23 @@
 # value)
 #enforce_token_bind=permissive

+# If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the
+# Keystone server. (boolean value)
+#check_revocations_for_cached=false
+
+# Hash algorithms to use for hashing PKI tokens. This may be a
+# single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will
+# be tried in the order given, so put the preferred one first
+# for performance. The result of the first hash will be stored
+# in the cache. This will typically be set to multiple values
+# only while migrating from a less secure algorithm to a more
+# secure one. Once all the old tokens are expired this option
+# should be set to a single value for better performance.
+# (list value)
+#hash_algorithms=md5
+

 [matchmaker_ring]

--- a/ironic/tests/api/utils.py
+++ b/ironic/tests/api/utils.py
@ -33,7 +33,8 @@ class FakeMemcache(object):
    _cache = {
        'tokens/%s' % ADMIN_TOKEN: {
            'access': {
-                'token': {'id': ADMIN_TOKEN},
+                'token': {'id': ADMIN_TOKEN,
+                          'expires': '2100-09-11T00:00:00'},
                'user': {'id': 'user_id1',
                         'name': 'user_name1',
                         'tenantId': '123i2910',
@ -44,7 +45,8 @@ class FakeMemcache(object):
        },
        'tokens/%s' % MEMBER_TOKEN: {
            'access': {
-                'token': {'id': MEMBER_TOKEN},
+                'token': {'id': MEMBER_TOKEN,
+                          'expires': '2100-09-11T00:00:00'},
                'user': {'id': 'user_id2',
                         'name': 'user-good',
                         'tenantId': 'project-good',
@ -64,7 +66,7 @@ class FakeMemcache(object):
        dt = datetime.datetime.utcnow() + datetime.timedelta(minutes=5)
        return json.dumps((self._cache.get(key), dt.isoformat()))

-    def set(self, key, value, timeout=None):
+    def set(self, key, value, time=0, min_compress_len=0):
        self.set_value = value
        self.set_key = key